VPN: Add wireguard-gui service #1013
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
riskuuse
temporarily deployed
to
internal-build-workflow
GitHub Actions
Inactive
Wireguard-gui is a user friendly WireGuard VPN configuration tool. The user can create WireGuard VPN interfaces and turn them up/down. The business-vm and the chrome-vm are used as an example usecase environments. Normally setting WireGuard requires sudo rights from user. In this case we add polkit rule to allow wireguard-gui execution without sudo and user authentication. WireGuard VPN configurations are stored to /etc/wireguard/ directory and the storage-vm is utilized to make that directory persistent. Usage of listOf instead of attrsOf doesn't allows us to modify application virtual machines configuration externally, which may be crucial for certain use cases like wireguard-gui nixos module where we want to be able to inject wireguard-gui application to a certain list of appvms. Transformation from list to attrs and back to list doesn't preserve order. So we add list element index in the attribute value to preserve it. It is a dirty hack that could remain until better implementation of virtual machines module as well as hosts module is introduced. List of wireguard-gui enabled VMs is written to a text file. Signed-off-by: Risto Kuusela <[email protected]> Co-authored-by: Valentin Kharin <[email protected]>
riskuuse
force-pushed
the
wireguard-gui-wip
branch
from
d459022 to
7e4ba57
Compare
riskuuse
temporarily deployed
to
internal-build-workflow
GitHub Actions
Inactive
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Wireguard-gui is a user friendly WireGuard VPN configuration tool. The user can create WireGuard VPN interfaces and turn them up/down. The business-vm and the chrome-vm are used as an example usecase environments.
Normally setting WireGuard requires sudo rights from user. In this case we add polkit rule to allow wireguard-gui execution without sudo and user authentication.
WireGuard VPN configurations are stored to /etc/wireguard/ directory and the storage-vm is utilized to make that directory persistent.
Usage of listOf instead of attrsOf doesn't allows us to modify application virtual machines configuration externally, which may be crucial for certain use cases like wireguard-gui nixos module where we want to be able to inject wireguard-gui application to a certain list of appvms. Transformation from list to attrs and back to list doesn't preserve order. So we add list element index in the attribute value to preserve it. It is a dirty hack that could remain until better implementation of virtual machines module as well as hosts module is introduced.
List of wireguard-gui enabled VMs is written to a text file.
Description of changes
Checklist for things done
x86_64aarch64riscv64make-checksand it passesnixos-rebuild ... switchInstructions for Testing